[pawpatrules.fr] LLMNR / NBT-NS Poisoning detection with Suricata IDS/NSM engine

By responding to LLMNR/NBT-NS network traffic, adversaries may spoof an authoritative source for name resolution to force communication with an adversary controlled system. This activity may be used to collect or relay authentication materials.

Network detection is possible with Suricata 👀
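The spoofed-responder behaviour described above can be spotted by watching which hosts answer LLMNR queries. The following is an added example, not taken from the video or from the PAW Patrules rule set, and written in Python rather than Suricata rule syntax. It assumes UDP/5355 payloads are already captured as (source IP, payload) pairs; the canary name, threshold, and addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_llmnr(payload):
    """Return (is_response, name) from an LLMNR payload (DNS wire format, RFC 4795)."""
    if len(payload) < 12 or payload[4:6] != b"\x00\x01":
        raise ValueError("not a single-question LLMNR message")
    flags = struct.unpack("!H", payload[2:4])[0]
    labels, pos = [], 12
    while pos < len(payload) and payload[pos]:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("bad label")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos >= len(payload):
        raise ValueError("truncated name")
    return bool(flags & 0x8000), ".".join(labels)  # QR bit set = response

def find_poisoners(packets, canary_names=(), max_names=2):
    """Flag hosts that answer a canary name or more than max_names distinct names."""
    canaries = {c.lower() for c in canary_names}
    answered = defaultdict(set)
    for src_ip, payload in packets:
        try:
            is_response, name = parse_llmnr(payload)
        except ValueError:
            continue  # malformed datagram: skip it rather than crash the sensor
        if is_response:
            answered[src_ip].add(name)
    alerts = {}
    for src_ip, names in answered.items():
        reasons = ["answered canary name"] if names & canaries else []
        if len(names) > max_names:
            reasons.append(f"answered {len(names)} distinct names")
        if reasons:
            alerts[src_ip] = reasons
    return alerts

def sample_packet(name, response):  # constructed datagram: header + question only
    qname = b"".join(bytes([len(part)]) + part.encode() for part in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8000 if response else 0, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)

# Constructed capture: 10.0.0.20 answers only its own name, 10.0.0.66 answers everything.
SAMPLE = [("10.0.0.20", sample_packet("fileserver", True)),
          ("10.0.0.66", sample_packet("zz-canary-7f3a", True)),
          ("10.0.0.66", sample_packet("wpad", True)),
          ("10.0.0.66", sample_packet("prnt-srv", True))]
```

A canary is a name that no real host owns and that a monitoring host queries periodically, so any response to it comes from a spoofing responder.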

To download 🐾 PAW Patrules rules collection for Suricata:
